e2e-test-hardener
Pass
Audited by Gen Agent Trust Hub on Jun 23, 2026
Risk Level: SAFENO_CODE
Full Analysis
- [SAFE]: The skill provides legitimate guidance on hardening E2E tests based on established principles (independence, mocking, and flaky prevention). It includes warnings about environment variable leakage and emphasizes proper architectural boundaries.
- [NO_CODE]: The skill is composed of instructional Markdown files and configuration JSON. It does not ship with executable scripts or binaries that could perform hidden actions.
- [COMMAND_EXECUTION]: The skill recommends using standard developer tools such as
grepandnpx playwright test. These commands are used strictly for identifying anti-patterns in code and verifying test stability via burn-in procedures. - [PROMPT_INJECTION]: The skill contains a surface for indirect prompt injection because it instructs the agent to read and process user-controlled test files and source code. This is classified as a low-risk surface inherent to code-editing skills.
- Ingestion points: User-provided Playwright test specifications and application source code files (e.g.,
path/to/tests). - Boundary markers: Not explicitly defined in the instructions; the agent treats file content as source code to be refactored.
- Capability inventory: The agent can execute shell commands (e.g.,
grep,npx playwright test), read files, and write modifications back to the filesystem. - Sanitization: The skill lacks automated sanitization for ingested content, but it explicitly instructs the agent to look for and prevent the exposure of sensitive internal environment variables.
Audit Metadata